CN1254464A - Transmitting revisions with digital signatures - Google Patents

Transmitting revisions with digital signatures Download PDF

Info

Publication number
CN1254464A
CN1254464A CN98804725A CN98804725A CN1254464A CN 1254464 A CN1254464 A CN 1254464A CN 98804725 A CN98804725 A CN 98804725A CN 98804725 A CN98804725 A CN 98804725A CN 1254464 A CN1254464 A CN 1254464A
Authority
CN
China
Prior art keywords
document
signature
time tag
time
revision
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN98804725A
Other languages
Chinese (zh)
Other versions
CN1149784C (en
Inventor
M·埃斯蒂恩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Koninklijke Philips NV
Original Assignee
Koninklijke Philips Electronics NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics NV filed Critical Koninklijke Philips Electronics NV
Publication of CN1254464A publication Critical patent/CN1254464A/en
Application granted granted Critical
Publication of CN1149784C publication Critical patent/CN1149784C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

In a computer network, documents are produced, the document is hashed to produce a fingerprint, and the fingerprint is encrypted to sign the document, then the document signature is transmitted from the user system to a secure computer system. The secure computer system creates a time stamp including the document signature and a digital time. The secure system signs the time stamp to verify its origin. The time stamp and notary's signature are transmitted from the secure system to the user's system. The user has access to the notary's public key which is used to determine whether the time stamp is authentic. Then the document is revised, the revised document is hashed and the hash is combined with an indication that the revision is related to the original document. The indication could be a hash of the original document, the original document signature, the notary's time stamp for the original document, or the notary's signature for the original document.

Description

The revision version of transport tape digital signature
Invention field
The present invention relates to the cryptography field, relate more specifically to password time mark document to prove their existing at a special time.
Background of invention
Generally many, people need verify the existence of a digital document (being the document that is stored in the computer system) a specific date digitally.Just, we may need proof since certain specific date, for example date created of declaring of the document or transmission date, since do not change or revised.
Provide a kind of method of this proof to be considered to electronics notarization or time mark.A uni-directional hash of document is generated, and this hash is used the possessory private key encryption of document to form so-called digital signature.The document signature is transmitted to a digital notary or time printing person, they are with digital signature and combine a digit time (numeral of date and time) to form a time tag, with this time tag hash, and use digital notarial private key to encrypt this time tag hash is called as the time tag signature with formation another digital signature.Then, notary sends a proof that comprises time tag and time tag signature to the author.Any people with notarial public-key cryptography can decipher time tag signature and with the result with author's signature and in proving the hash of time compare, signature in order to the proof author exists when proof is created, and the people that the time of the signature of server and proof quilt can the notarial private key of access is encrypted at first together.
The affirmation of digital document is disclosed in No. 5136646, the United States Patent (USP).Affirmation by the secure hardware in the system is disclosed in No. 5001752, the United States Patent (USP).The public key encryption method is disclosed in the volume IT-22 of IEEE information theory journal in November, 1976 publication by Diffie and Hellman, the the 644th to 654 page paper " the new direction of cryptography ", and in United States Patent (USP) 4405829 (to Revest) and No. 4868877.Uni-directional hash is disclosed in " not having conflict hash function and public-key cryptography signature scheme ", Advances in Cryptology-Eurocrypt ' 87, and Springer-Verlag, LNCS, 1988, roll up 304, the 203 to 217 pages.
Above-mentioned quoting is hereby incorporated by.
Summary of the invention
A target of the present invention provides the method and apparatus that is used to identify revision version.
Among the present invention disclosed herein, original document and signed by this way from the revised document that original document is derived, except that the affirmation time of the source of revision version and revision version, the relation of original document and revision back document also can be verified.
In one embodiment of the invention, original document is signed and is confirmed, the document is modified then, and the relation of revision version and it and original document is signed and confirmed.In another embodiment, the revision version of original document and a document that automatically generates is signed simultaneously and is confirmed.This allows the writer identity of a revision version that automatically generates and the proof of rise time, a lossy compression method of this revision version such as information.
With revealed or become apparent for those skilled in the art, wherein following accompanying drawing has shown the element of appended claim of the present invention to the advantage of other interchangeable selection and applicant's invention by research detailed description with reference to the accompanying drawings.
III. Summary of drawings
Fig. 1 a-1d has shown the flow chart of the one particular embodiment of the present invention that are used to identify revision version.
Fig. 2 a-2d has shown the flow chart of another specific embodiment of the present invention that is used to identify revision version.
Fig. 3 a-3c has shown another flow chart of the one particular embodiment of the present invention that are used to identify revision version.
Fig. 4 has shown a sample embodiment of network system of the present invention.
Fig. 5 provides the additional detail at the creative work station of Fig. 4.
Fig. 6 has shown the additional detail of the security server of Fig. 4.
Fig. 7 has shown the additional detail of notary's main frame of Fig. 4.
Fig. 8 has shown the specific embodiment of equipment of the system of composition diagram 3.
IV. preferred embodiment describes in detail
Fig. 1 a-1d has shown the flow chart of the one particular embodiment of the present invention that are used to identify revision version.First group of step 100 of Fig. 1 a display packing, wherein the software that loads on author's work station is provided for establishment and signs a digitlization document, and other people can identify the source of the document thus.The author have can enciphered digital information private key, other people have the public-key cryptography that can decipher this information.Promptly, author's key that exposes can obtain with being disclosed, and for example, the source that will verify report on server (for instance, the author has generated this report) or the report integrality (that is, this report by the signature after be not changed) other people can visit this report and public-key cryptography.In first 100 of the present invention, in step 102, the author uses the report of software creation (digital document) on the work station that is carried in the server that is connected to a network, and author's input command is submitted this report to this server.
This report comprises some people to be proved possibly and derives from author and unaltered information type.In step 103, author's work station uses the one-way Hash process of appointment with this report hash.The advantage of uni-directional hash is that it can not be deciphered the document conversely, even therefore the document is secret or private, its hash needn't keep secret.In step 104, work station is encrypted this hash to form the signature of author to this report with author's private key (or private key of work station).It is that this report creator and this report be not by evidence that other people change that the purpose of encrypting provides the author.Encryption to hash is irrelevant with the secret that keeps data or hash, just is used to prove integrality and source.This report may comprise or relate to out of Memory, such as title, author's name, work station identifier, creation-time.If desired, this work station can be stored this report, hash explicitly, and signature.Here, the related meaning is meant that this report fact relevant mutually with signature with hash also is kept on this work station.In step 106, work station is to client's server transmission author's sign, and the title of report is reported, and the author is to the signature of report.If the content of report is secret or private, before transmission, between work station and server, form a safety and connect, server is a security server.In step 107, server will be reported hash, and use author's public-key cryptography deciphering author's signature.The signature of the hash relatively reported of server and deciphering is to verify whether they mate then.If their couplings, server knows that signature and report are from author (or have at least author's private key someone), because be the author public-key cryptography to signature separate close, and server also know the signature and the report since the author signs report, be not changed.In step 108, server is stored this report explicitly, author's sign (ID), and author's signature.Once more here, storage means that the fact that is mutually related between coherent element also is stored explicitly.
In next group step 110 of Fig. 1 b, server obtains the time tag of this report, and stores this time tag explicitly with this report.In step 112, server sends author's signature to notarial host computer system by network.Replacedly, notary can be the security of server hardware, for instance, has the equipment of private key, unless destroy this equipment, the owner of server can not know maybe and can not find.Because signature is not a secret, does not need the fail safe of height for the transmission of signature.In step 113, main frame is created one and is comprised author's signature, time of reception, notary's sign, sequence number, and the time tag of customer ID.In step 114, notary's hash time tag.In step 115, notary uses notarial private key time of signature sign.In step 116, the time tag of notary's storage report and notary signature.In step 117, notary is to server transmitting time sign and notary signature.In addition, before one or more and/or follow-up time tag can in a bag, be sent to client's server, therefore by with time tag in other trade connection of determining, the time proximity of time tag can be verified independently.In step 118, for verifying notarial signature, server hash time tag is also deciphered notarial signature with notarial public-key cryptography.In step 119, the result of server comparison step 118, if both couplings, time tag is verified so.That is, server knows that time tag and notarial signature are from notary and are not changed.In step 120, server with report explicitly memory time sign, notary signature, and before all and/or follow-up time tags.
In next group step 120 of Fig. 1 c, the copy that a reviser (personal user) obtains report (original document) is used for revision and verifies its source and integrality.In step 122, the reviser is from the server requests initial report.There is some people of many situations may need to revise a document, for example, increases additional materials or right a wrong.Preferably, the reviser tells server to want to revise report, and the server refusal sends this report (that is, this report is locked for revision, revision version is provided or discharges this lock up to the reviser) to the people of any other request revision this report thereafter.In step 123, server sends initial report, the time tag of report and notary signature to reviser's work station.In step 124, reviser's work station hash time tag is also deciphered notary signature with the checking notary signature with notarial public-key cryptography.That is, if the signatures match of hash and deciphering, the reviser knows notary signature by someone generation that has notary's private key so, and the information in the time tag exists when signature is generated.Because time tag comprises the time (comprising the date) that the author signs and notary signature is generated, and can prove that author's signature exists at that time.In step 126, work station hash this report is also used notarial public-key cryptography deciphering author's signature (being included in the time tag) and is compared the signature of both results with the checking author.That is, if author's signatures match of hash and deciphering, this report is had someone signature of author's private key so, and has not been changed since by signature.
At Fig. 1 d, in last group step 130 of this first embodiment, the reviser creates the revision version of this report, and this revision version is digitized signature, the notarization of the ground of storage, and digitlization safely.In step 132, the reviser creates the revision version and the input command of this report and submits this revision version to server.In step 133, work station merges revision version and former time tag, and the hash amalgamation result.The purpose that merges time tag and revision version before signature is to allow to be proved to be with the relation of original document.Replacedly, except that time tag, the information of other indication revision version history can merge with revision version, the signature of initial report for example, and a hash of initial report, or the time tag signature can be contained in the amalgamation result.In step 134, work station uses reviser's's (or work station) private key to encrypt the hash of amalgamation result to form reviser's signature.If desired, work station can be stored this revision version, hash, and reviser's signature.In step 135, work station sends revision version to server, reviser's sign, revised edition title and reviser's signature.In step 136, server merges the time tag of revision version and initial report, the hash amalgamation result, and use reviser's public-key cryptography to decipher source and the integrality of reviser's signature with the checking revision version.In step 137, if signature that server is relatively deciphered and hash are reviser's signatures match of hash that obtains and deciphering, server knows that revision version is from the reviser so, revision version is based on initial report, and after reviser's signature, revision version and signature were not changed.In step 138, security server and initial report are stored revision version explicitly, reviser's sign, title and reviser's signature.In step 139, server obtains the time tag of reviser's signature and stores this time tag explicitly with revision version from notary.This is identical with the process to the initial report mark time that the front is described in step 110.After this, Wei Lai revision version will generate to prove the history of version in a similar manner based on nearest version.
Fig. 2 a-2d shows the interchangeable specific embodiment of the present invention that is used to identify revision version.In first group of step 160 of Fig. 2 a, the author creates an image and gives a server with this picture transmission, and this server is signed image and storage for the author.In step 162, the author operates visual maker establishment image and initialization is submitted this visual process to security server.The image maker can be any equipment of making image, such as commercial page or leaf scanner, medical scanners (electrocardiogram/angiogram, ultrasonic imaging, computed axial x body section roentgenography X, magnetic resonance imaging instrument, x ray scanner) or the method for any known manufacturing image, this image can be image video or audio frequency.In step 163, visual maker is visual to the security server transmission by secure link.This transmission will be determined author or image producing device.Server can return the sequence number of a visual maker with the later visit to this image of convenience.In step 164, server with visual maker sign or author's sign merges with image and the hash amalgamation result to produce a visual hash, replacedly, server can merge the hash of scanner sign or author's sign and image so that the hash of image to be provided.The famous method that merges comprises that sign is appended to visual hash back maybe will identify and visual hash XOR.Replacedly, visual maker or author can have specific individual/open code (key) right, and this password proves visual source to being used to, thereby visual maker sign or author's sign needn't be integrated in the image before hash.In step 166, the amalgamation result that server uses the private key (or be stored on the server the author's or visual maker private key) of server to encrypt to determine is to form the image signature.In step 167, server is memory image explicitly, visual maker sign (or author's sign), the image sequence of visual maker number, visual hash, and the image of server signature.
In next group step 170 of Fig. 2 b, server is that image obtains time tag and time tag signature from notary.In step 172, server is established to the connection of notary's mainframe network, and server is to the image signature of this main frame send server then.In step 174, this main frame is created the image signature that comprises server, time of reception, notary's sign, the sequence number of time tag (sequence number that is different from image), and the visual time tag of server identification.In step 175, the main frame hash should the image time tag, and in step 176, main frame is with notarial private key time of signature sign hash.In step 177, host stores image time tag and notarial image signature.In step 178, main frame proves to the image that Server Transport comprises visual time tag and notarial image signature.In step 179, the server hash should the image time tag and is used integrality and the source of the notarial image signature of notarial public-key cryptography deciphering with proving time sign and notary signature.In step 180, the image sequence of server and visual maker number is stored notarial image proof explicitly.
In the next part step 190 of Fig. 2 c, server is automatically revised image and is also obtained the time tag of notarizing for revision version.In step 192, server compresses image.For example, a bitmap is used the JPEG compression, and an audio image is used MPEG-2 or Doby AC3 compression, or a video image is used the MPEG-2 compression.In step 194, the image sequence of server and visual maker number and other be the image after the store compressed explicitly for information about.In step 196, the image after server will compress merges with the notary signature of image, for example by they are attached to together.In step 198, server hash amalgamation result is to produce the hash of compression back image.In step 199, the hash of server for encrypting compression back image to be to generate the server signature of compression back image, and in step 200, server and compression back image be the hash of image and the server signature of compression back image after the store compressed explicitly.In step 201, server from notary for the server signature of compression back image obtain compression back image proof (notary signature of the time tag of compression back image and compression back image just), and with compression back image explicitly after the store compressed image proof.In step 202, server can be deleted original image to save memory space, but this means that certainly the user can not prove the date created or the source of original picture at least independently according to the record of security server, and compression back image is the product of original picture.Deletion may be required that because especially for video image, unpressed image may need to compress the memory space of 100 times in back image, and the client possibly can't provide a large amount of like this memory spaces.Replacedly, original picture can be archived to movably that tape or CD and off line are preserved or even send long preservation.
In last group step 210 of Fig. 2 d, the user asks this image to be used for watching on viewer, the image of preserving indicates in time with notary signature and is provided, therefore viewer can be verified the source of version and the date of issuing proof, and at least according to the checking of the record on the security server, this version is the product of original picture.In step 212, the user uses the image after the viewer request compression.Viewer can be any equipment that the image after allowing to compress is displayed to the user.Viewer is not limited to the display of vision, and it can be for instance, to broadcast the loud speaker of audio image.In step 213, server sends visual hash to viewer, the sign of visual maker, and the image after the compression, time tag separately (being respectively the time tag of image and compression back image), and similarly, notary signature separately.In step 214, the time tag of viewer hash compression back image also uses notarial public-key cryptography deciphering to compress the notary signature of back image with digital time and other information in the time tag of checking image after compression.In step 215, the time tag of viewer hash image also uses the visual notary signature of notarial public-key cryptography deciphering to verify the time tag of image.In step 216, viewer merges the hash of compression back image and the notary signature and the hash amalgamation result of image, in step 218, the server signature of viewer deciphering compression back image and relatively the result of deciphering and hash with visual source and the integrality in checking compression back.In addition, viewer can decipher image server signature and with the hash of image compare with on the cross-check security server about the record of visual maker sign.After two time tags all were verified, the time tag of time tag that viewer can comparison picture and compression back image was very approaching to verify two times.In step 218, viewer decompresses to image.In step 220, the image of viewer after the user shows decompress(ion), visual maker sign (or author's sign), visual submission time, and compression time.
Fig. 3 a-3c has shown another embodiment of the present invention, server compressed video automatically and immediately when receiving wherein, and be time tag of the acquisition of reception separately of the video of video and compression.In first group of step 230 of Fig. 3 a, video is generated and sends to server.In step 232, the author operates the video image maker and generates video and submit this video to server.The image maker can be to be used to create any equipment such as video camera and the microphone that multimedia is expressed.Video can comprise acoustic channel and other data except video image.Preferably, title also is created.In step 233, visual maker at first is the transmission compressed video.For example, visual maker can use MPEG-2 or other simple lossy compression method, or more preferably, by a kind of lossless compression method, compressed video.In step 234, the compression first time of visual maker hash video.The image maker can also be with above-described visual hash hash out of Memory such as visual maker sign or image sequence number.In step 235, visual maker is encrypted this hash to sign this video with the private key of visual maker (or author).The image maker can be stored this video, compression result for the first time, and the signature of hash and visual maker is at least up to the proof that obtains receiving from server.In step 236, visual maker is to the Server Transport video title, for the first time compression result and signature.In step 238, visual maker is deleted this video to save memory space, and behind the receipt of receiving from server, visual maker is deleted the compression result first time of this video then.Replacedly, for the first time compression result can be filed on visual maker, but as described belowly usually only files on server that compression result is more convenient for the first time.
In second group of step 240 of Fig. 3 b, server receives, and checking and storage be compression result for the first time, and video is carried out the compression second time, and obtains the time tag and the time tag signature of compression result for the second time from notary.In step 241, the compression result first time of the signature of server receiver, video, visual maker, title, visual maker sign and other possible relevant information, and beam back receipt to visual maker.In step 242, the compression result and use the visual maker signature of the visual maker public-key cryptography decrypted video first time of server hash video, relatively the result of deciphering and hash is with the source and the integrality of the checking compression result first time.In step 243, server associated ground storage title, author's sign, visual maker signature and the hash of compression result for the first time.In step 244, after finishing checking, the server horse back compressed video second time is to generate compression result for the second time.In step 245, server compresses the result for the first time with the saving memory space, and deletes compression result for the first time from on-line memory.
In step 246, server is title, visual maker sign, and author's sign, signature of visual maker (or signature of author) and compression result merging for the second time, and be combined the result and carry out hash.In step 247, server uses the private key of server to encrypt the hash of amalgamation result with the video of the formation compression second time and the video signatures of server.In step 248, server and title, visual maker signature and other are stored the video of compression for the second time and the video signatures of server for information about explicitly.In step 250, server be server signature from notary's acquisition time sign and notary signature, and with the second time compression result store notarial time tag and signature explicitly.
In last group step 260 of the present embodiment of Fig. 3 c, video is requested on display, verifies and watches.In step 262, the user on display is to the server requests video.In step 263, server sends visual maker sign to display, title, compression result for the second time, notarial time tag (comprising server signature), and notarial signature.The hash of compression result and video image maker signature also can be sent out the source with the cross-check video for the first time.In step 264, display uses notarial public-key cryptography to decipher notarial signature, the hash time tag, and relatively both results indicated with the proving time.In step 265, display merge as described before and hash to form the hash of compression result for the second time, use the public-key cryptography decryption server signature of server, and relatively both results with the checking source and the integrality of compression result for the second time.This display receives the signature of visual maker and the hash of the compression result first time, decipher visual maker signature then, and with the decrypted result and the hash of compression result for the first time compare with on the cross-check server about the record in the compression result source first time.If do not obtain the copy of compression result for the first time, display can not be verified the source and the integrality of compression result for the first time independently.In step 266, viewer (display) to the second time compression result decipher to form the video behind the decompress(ion).At last, in step 267, the user watches this video on display.The user also can watch the out of Memory about this video, such as author's sign, and visual maker sign, the creation-time of compression result, and notarial time mark information for the second time.
Fig. 4 has shown a network 300 of the present invention, and wherein many computer nodes are joined together by cabled communication network and communication equipment 301.This network node comprises a home server 302 and a notary 303.A plurality of creative work station 304-313 is connected with server by communication network, and a plurality of work station 314-323 that watch also can be connected on the server by communication network.The creative work station comprises and is used to create document, and as X ray, test data, scanning, video and audio image, multimedia is expressed, equipment and be used for to the Server Transport document, to the server requests document, and the equipment of revision the document.Watch work station to be mainly used in and show the document, but also can have the function of limited revision the document, as increasing note to the digital document of server requests.
In Fig. 5, the additional detail at the creative work station 304 of Fig. 4 is shown.The creative work station comprises a processor 352 of communicating by letter with electronic memory 353, for example CPU (CPU) or built-in controller.Internal memory comprises program and buffer, wherein program is used for the operation of processor controls, buffer is used for the information that storage receives from the ancillary equipment at creative work station by input and/or output (I/O) circuit 354 (IOC), and by IOC355 sends and reception comes other node of automatic network information.Ancillary equipment can comprise, for example, and keyboard 356, pointing device such as mouse 357, digital camera 358, microphone 359, scanner 360, and jukebox storage 361.
Internal memory comprises program module 370, and this module and user interactions are with the document of generation storage with buffer 371, and initialization processor is to send the document to server.Internal memory comprises program module 372, and this module uses uni-directional hash that document is carried out hash, and uses user's (original author) private key 390 or private key 390 these hash of encryption of work station to provide a digital signature as the document.Internal memory can also comprise a module 373, and this module sends the document that contains signature to server.Program module 375 can be used to document, hash, and/or digital signature stores memory 361 into.For video and audio image, internal memory comprises a program module 376, and this module encodes video into the form of compression, such as JPEG, or MPEG-2 video or more preferably, a kind of lossless compression method, and the compressed format of this video as another document storage in buffer 371.
Under the situation that digital signature is produced by server, authoring system can comprise module 377, this module is used for receiving document signature from server, time tag, and time tag signature stores buffer 371 into, and a module 378, and this module is used for certifying signature and initialization module 375 with the storage document signature, time tag and the time tag memory 361 of signing.
The creative work station also can be used to revise document to produce revision version, and this revision version can be returned to server.Program module 370 can be used for to the server requests document by a reviser.Program module 379 is beamed back the document from server, the receipt of correlation time sign and out of Memory, and program 380 is identified the document.In the one embodiment of the present of invention of Miao Shuing, except that document, the revision station receives a time tag (following description) and notary signature in the above.Module 380 comprises equipment 383 and deciphers notary signature with the hash time tag and with notarial public-key cryptography 393, and module 384 relatively both results are with the source of proving time sign, and checking comprises that the content of the time tag of digital time was not changed.Program 385 hash the document of module 380 and decryption server (or the author) signature (being included in the time tag), and relatively whether both results belong to the document with the signature of determining this server, and checking the document be not changed since serviced device signature.In addition, if the document is a revision version, server also can transmit, module 379 receives the hash of original document, the server of revised edition (or revision author) signature, another time tag and the notary signature of original document, module 385 can be identified the time tag of original document once more then, then decryption server signature (being included in time tag) and with the hash of decrypted result and original document relatively to verify the source of the document.And, among more superincumbent embodiment, merged to form server signature with document in hash with before encrypting such as reviser's signature or former notary signature, under these situations, the signature after module 385 will relatively be deciphered and the appropriate amalgamation result of these projects.Module 386 be used to user interactions with the revision the document.The revision version of the time tag before module 384 has been combined is carried out hash and is encrypted this hash to form the revision document signature.Revision version can be stored in the similar mode of original document with the revision version signature, transmits protection and checking.
In Fig. 6, the additional detail of server 302 is shown among Fig. 4.Server comprises the processor 402 of communicating by letter with electronic memory 403, such as CPU (CPU) or built-in controller.Internal memory comprises program and buffer, and program is used for the operation of processor controls, and buffer is used to store the information of automatic network and sends to information on the network by input and/or output (I/O) circuit 404 (IOC).IOC404 is used for sending information to other node that is connected on the network, or receives information from other node that is connected on the network.Server can be a gateway server, for example, is connected to local client on the network by an IOC, and is connected to Terminal Server Client on other server and/or another network by another IOC.IOC405 is used to store information to magnetic disc store 406, and the information of retrieve stored send information to archive storage equipment 407, and is used to retrieve the information of file by accident.
Internal memory comprises program module 420, and this module copies document by IOC404 between the part of network and buffer 421.Among more superincumbent embodiment, server receives by the document of digital signature from the creative work station.In this case, 423 pairs of documents of program module carry out uni-directional hash, the deciphering digital signature, and relatively both results be not modified since by digital signature with checking the document, and also the source of the document is correct.Among superincumbent another embodiment, server receives the document of not signed by secure network.In this case, program module 423 hash the document are also encrypted this hash with the private key of server or original author's (or creative work station) private key (being stored on the security server in this case).In another embodiment, the reviser is this revision version and time tag, the hash of time tag, or notary signature merges, and the hash amalgamation result is also encrypted this hash to sign this revision version.Like this, this revision version signature not only proves the source and the integrality of revision version, and determines to cause the original document of this revision version.The reviser sends this revision version and revision version signature to server then.In this case, module 423 deciphering revision version signatures on the server, revision version is merged in the mode identical with the reviser with time tag and other information of original document, the hash amalgamation result, and relatively deciphering and the result of hash to verify the source of revision version, the source of original document, and this revision version had not changed since signature.
Among the embodiment on another, server receives unsigned revision version, module 423 can be with revision version and some indications about the source of the original document (hash of document in the past then, author's signature in the past, time tag in the past, time tag hash in the past or former time tag signature) and (the reviser's sign of the indication about the source of revision version, work station identifier) merges, the hash amalgamation result uses the private key of server or original author's private key to encrypt this hash (promptly signing the document) then.
Among the embodiment on another, server receives a document (if do not signed, program 423 signature the document), and module 425 is obtained a time tag for the document then.Module 420 is revised the document automatically then, the amalgamation result of hash original time sign and revision back document, and sign this hash.Module 424 is obtained another time tag for this automatic revision version then.
Among the embodiment on another, module 422 receives a document, module 420 signature the document, if (and not having signature to be received with the document) merges the document and the identification information of revision, module 422 is automatically revised the document then, the hash amalgamation result, and sign this hash.Module 424 is obtained a time tag for the signature of automatic revision version then.
After document is signed, program module 425 sends signature to notary, wherein notary generates and comprises server signature, server identification, sequence number, and the time tag of a digital time (comprising the date) are signed this time tag (with rise time sign signature), and return this time tag and time tag signature, they are received by module 420.This time tag of module 424 hash and decipher this digital signature (using notarial public-key cryptography) verifying that this time tag is from the notary who determines then, and this time tag be not changed since by signature.
For revised document, in order to save at random access storage device 406 (hard disk, DVD, CD-ROM) space in, in being called as the process of filing, the legacy version of program module 426 copy documents is to computer media (for example tape) movably, and these medium are removed from server.If a filed document is requested, program 426 is responsible for the archives tape being loaded into profile storage system 407 and the file of needs being returned on the server.
In Fig. 7, notary 303 additional detail is shown in Fig. 4.Notary comprises a processor 452, such as CPU (CPU) or a built-in controller, communicates by letter with an electronic memory 453.Internal memory comprises program and buffer, the wherein operation of program control processor, and buffer is used to store the information that is received from network and is sent to information on the network by an input and/or output (I/O) circuit 454 (IOC).IOC454 is in order to transmit information to other node that is connected to network, and receives information from other node that is connected to network.IOC455 is used to memory time sign and the time tag hard disk 456 of signing.
Internal memory comprises program module 470, is used to control to the reception of document signature with to the transmission of time tag and time tag signature.When a notary signature is requested, program 470 is with document signature part of 471 from the network-copy to the buffer.After time tag and notary signature were generated, program 470 copied time tag and time tag signature to network from the part of buffer 471.Program module 472 reads server signature and generates a time tag from buffer, comprising: server signature, received time of server signature (with any form), notary's sign, and sequence number.This time tag of module 472 hash is also encrypted this hash to form notarial time tag signature with notarial private key then.Module 473 is prepared the transmission of this time tag and notary signature and the transmission that will prove are stored into buffer 471 then, and initialization module 470 is should notarial proof sending it back to the client.Program module 474 also copies time tag and time tag signature to hard disk drive 456 as a time tag signature record together by IOC455.
When the checking to the authenticity of time tag signature is requested, this request may provide document signature, time tag, time tag signature, or sequence number.Notary comprises module 476 and is used for proving (time tag and notarial signature) from memory 456 retrievals, also can comprise module 477 and be used for information and the information in the record that checking asks to provide are compared and determine whether to mate.Module 478 is prepared the time tag record and/or is identified the transmission of the comparative result of this information then, and answer is stored in the buffer 471, and module 470 sends to answer.
Fig. 8 has shown the example of a programmable computer system 500 and different equipment, and these equipment are known for those skilled in the art, are used for such programmable calculator is programmed.This computer system promptly can be by will comprising the structure that is programmed nonvolatile memory (as ROM, PROM, EEPROM, flash memory, the SRAM of band backup battery) is connected to programmable calculator and is programmed, also can be programmed with the signal that the structure that is programmed is provided by the memory that can be employed with programmable calculator is provided to programmable calculator.Another computer system 501 can be connected to system 500 to be provided for the signal of programing system 500 by communication equipment 502 such as an Internet server.Equipment 502 can comprise a copper cable or optical cable, radio system, infrared receiver, or such as Ethernet, ARCnet, the network of token ring, or modulator-demodulator and telephone system.Memory driver 503 can have incorporate medium 504, and is added to system 500 movably, and perhaps driver 503 can be integrated with system 500, and from computer media 504 received signals movably.System 500 can comprise a user interface 505 and program input module 506, and written material can be provided.The user can use the equipment (not being shown) of user interface, keyboard for example, textual scan instrument, microphone, camera or bar code reader, input signal.The signal that offers system 500 can be copied into memory driver in order to being loaded into volatile memory 507 later on or storing nonvolatile memory 508 into so that the structure that is programmed to be provided.Replacedly, system can be programmed by the nonvolatile memory that is programmed is provided.System 500 can comprise a groove, and a facility that comprises nonvolatile memory as PC flash memory card, is connected so that the equipment of being programmed to be provided therein.System 500 can comprise a socket 511, and a non-volatile component 512 can be inserted into so that the equipment of being programmed to be provided therein.System 500 can comprise a non-volatile internal memory 508 so that the equipment of being programmed to be provided.Be programmed structure and comprise program in the internal memory and other data, the microprocessor 513 and the I/O processor of their control programmable calculators, for example 114 to realize Computer Processing.Computer system can be a work station, modulator-demodulator, PC card, printer, or the scalable element of other software.The method of a computer system of other known programming also can be used.
The present invention is described with reference to certain embodiments, comprises realizing best mode of the present invention, and enough detailed for any those skilled in the art can implement and utilize the present invention.Those those skilled in the art can revise those embodiment or other embodiment that meets spirit of the present invention is provided, and therefore, the description of front is not limited to the present invention disclosed embodiment.The present invention only is subjected to the restriction of following appended claim.

Claims (22)

1. a computer network (300) comprising:
A user machine system (304,350) provides the user capture to network, comprises:
Be used to provide the device (356-360 and 370) of original document;
In order to generate the device (372,422) of document signature from original document; And
Device (355,374) in order to transmission original document signature;
A trusted computer system (303,450) comprises:
In order to receive the device (454,470) of document signature from custom system;
In order to the device (472) of the time tag that comprises document signature and document received digit time to be provided; And
In order to device (473,454,470) to custom system transmission time sign;
Custom system further comprises:
In order to accept and to store the device (377,355,375,384) of the time tag of original document;
Be used to revise the device (386) of original document to generate revised document; And
In order to generate the device (387) of the signature of revising the back document according to revised document;
Wherein be modified to transmit the signature of revision back document in order to the device (355,373) of transferring documents signature;
This computer network further comprises device (377,378,424,472,476,477,383,384 and 485) with the qualification time sign; And
The signature of document also depends on the time tag of original document after it is characterized in that revising.
2. the network of claim 1, wherein the device of qualification time sign comprises:
Be used for private key (490) in the safety system enciphered data;
Can be to the public-key cryptography (491) that uses this private key ciphered data to be decrypted;
In order in safety system, to use the device (472) of private key from time tag rise time sign signature;
In order to device (473) to custom system transmission time sign signature;
In order to use the device (383) of public-key cryptography deciphering time tag signature in custom system;
In order on custom system, the time tag of the hash of time tag or time tag and deciphering is compared to determine whether believable device (384) of time tag.
3. the network of claim 1, wherein the device of qualification time sign comprises:
Be used for the safe storage (456) that indicate memory time on safety system;
In order to the device (425) that indicates to the safety system transmission time from custom system;
In order to indicate the device (475) of safety system retrieval time from safe storage;
In order to time tag that relatively retrieves and the device (476) that transmits the time tag that comes; And
In order to according to comparative result, identify the device (477) of success or failure signal to the custom system transmission from safety system.
4. the network of claim 1, wherein the device of qualification time sign comprises:
In order to use private key to generate the device (472) of first time tag signature from time tag in safety system;
In order to device (470,473) to custom system transmission time sign and first time tag signature;
In order to device to safety system return time sign;
In order on safety system, to generate the device (473) of second time tag signature from the time tag that returns;
In order to device to second time tag signature of custom system transmission; And
In order to compare first time tag signature and the device (383) of second time tag signature with the authenticity of proving time sign.
5. the network of claim 1, wherein:
Comprise a previous time tag and time tag signature from the content of security server transmission, and a time tag and a time tag signature afterwards, each time tag comprises client's sign;
Custom system storage previous and time tag afterwards and signature; And
Be suitable for the customer interaction of determining by time tag afterwards and obtain the copy of time tag and time tag signature from this client afterwards in order to the device of qualification time sign.
6. the network of claim 1, the device that wherein is used to revise document is automatically revised the document after receiving document.
7. the network of claim 1, wherein user machine system comprises that a creative work station (350) is used to generate document and a security server (400) is used to store document, document signature, and document time tag.
8. a computer system (304,350) comprising:
Be used to provide the device (356,360 and 370) of original document;
In order to generate the device (372,422) of document signature from original document;
Be used to revise the device (386) of original document to generate revised document; And
In order to generate the device (387) of the signature of revising the back document according to revised document;
It is characterized in that the signature of revising the back document also depends on the original document signature.
9. the computer system of claim 8 (304,350) comprising:
In order to sign with the device (355,374) of mark time to trusted computer system (303,450) transmission original document;
In order to receive and to store the device (377,355,375,384) of the time tag of original document from trusted computer system; This time tag comprises original document signature and the digit time when this time tag of indication is generated; And
Wherein the signature of revision back document depends on the digit time in the time mark of original document.
10. a computer network comprises:
Be used for the author creates original document on the work station of user-accessible device (356-360 and 370);
Be used for device (355,374) to security server transmission original document;
Be used to this original document to generate the device (372,422) of signature;
In order to use this signature not to be changed and to discern the device (423) of user or work station with proof the document;
Be used for from security server to notary transmit original document signature device (420,422);
Be used to be provided at the device (472) of the time tag at notary place, the digit time that this time tag comprises the original document signature and indicates this signature when to be received by this notary;
Be used for device (470,473) to security server transmission time sign;
Be used to verify the believable device of this time tag (424);
Be used to revise the device (422) of original document;
Be used for generating for this revised document the device (422) of signature according to revised document;
The signature that it is characterized in that revising the back document also depends on original document, and therefore, this revised document is the product of the original document that can be verified.
11. a kind of method of operational computations machine network comprises the steps:
Original document is provided on custom system;
Generate revised document according to original document;
Generate the signature of revision back document, comprise revised document is carried out hash with the fingerprint that generates document and encrypt the document fingerprint;
From the signature of custom system to trusted computer system transmission revision back document;
For revised document provides a time tag, this time tag comprises the signature of revision back document and the digit time of indicating this time tag when to be generated;
Transmit this time tag from safety system to custom system, this time tag comprises the signature of revision back document;
Determine whether this time tag is credible; And
Afterwards whether the hash of document is consistent determines whether the signature of the back document of this revision in the time tag is credible according to the signature of document after the revision of deciphering and this revision;
It is characterized in that the process that generates the document fingerprint comprises that with this revised document of indication be to carry out hash from the information that original document generates with revised document; Its feature is also to determine whether believable process comprises whether definite this revised document generates from original document, and it comprises with the original document indication information carries out hash to regenerate the document fingerprint with revised document to this revised document.
12. the method for claim 11 determines wherein whether believable step comprises following steps to time tag:
Time tag is stored in the safe storage of safety system;
Indicate to the safety system transmission time from custom system;
Relatively from the time tag of custom system and the time tag in safe storage;
To custom system transmission comparative result; And
Determine according to comparative result whether time tag is credible.
13. the method for claim 11 determines wherein whether believable step comprises following steps to time tag:
A private key is provided on safety system;
On safety system, encrypt time tag with rise time sign signature;
Sign to custom system transmission time sign from safety system;
Sign to safety system transmission time sign and time tag from custom system;
Use private key to encrypt time tag and indicate certifying signature with the rise time;
Relatively time tag is signed and the time tag certifying signature; And
Determine according to comparative result whether time tag is credible.
14. the method for claim 11 determines wherein whether believable step comprises following steps to time tag:
A private key is provided on safety system;
On safety system, use private key to encrypt time tag with rise time sign signature;
Sign to custom system transmission time sign from safety system;
On custom system, provide a public-key cryptography for this private key;
Use public-key cryptography deciphering time tag signature;
Relatively Xie Mi time tag signature and time tag or to the result of time tag; And
Determine according to comparative result whether time tag is credible.
15. the method for claim 11 determines wherein whether believable step comprises following steps to time tag:
Identify the client's of time tag afterwards information to the custom system transmission;
Transmit the time tag of revision back document to client afterwards;
Time tag with afterwards client communication document with the time tag of revision back document relatively and after being transferred to client's afterwards revision.
16. the method for claim 11, wherein
Generate the fingerprint of revision back document, comprise with the information in the source of indicating revision back document revised document is carried out hash; And
Whether the signature of determining revision back document is credible, comprises determining that whether revised document is from this source, comprising with this source indication information revised document being carried out hash to regenerate the document fingerprint.
17. the method for claim 11, wherein the original document indication information depends on the signature of original document.
18. the method for claim 11, wherein the original document indication information depends on the source of original document.
19. the method for claim 11, wherein
This method further is included as original document and obtains time tag; And
The source indication information depends on the mark time of the time tag of original document.
20. the method for claim 11, wherein
Indicate the revision author's of revised document the information of identity to be comprised in the hash of revised edition, and
Whether the signature of determining revision back document is credible, comprises with writer identity information revised document is carried out hash.
21. a method of revising document comprises
From safety system to the addressable system transmissions the document of reviser, the time tag of document, and the time tag of the document signature;
Automatically use notarial public-key cryptography to verify that this time tag and signature are to be generated by notary listed in the time tag, and this time tag was not changed;
Automatically using original author's public-key cryptography to come the document signature in the proving time sign is to be generated by the original author, and the document be not changed since signature is generated;
According to checking revision document;
Transmit revised document from the addressable system of reviser to security server;
Use revision version original author's private key to come to generate a signature for revised document;
Transmit the signature of revision back document to notary;
The time tag of document after the revision of the mark the time when signature that generation comprises the signature of revision back document and indicates the back document of this revision is received by notary;
Use notarial private key to think that the time tag of revision back document generates a signature;
Time tag and time tag signature to server passback revision back document; And
The revised document of storage in the safe storage of security server, the time tag of revision back document, and the time tag signature of revision back document.
22. a method that is used for automatically revising document comprises
Transmit original document from authoring system to client;
At the revised document of client system stores;
Use private key for should generating a signature by revised document, this signature comprises and is used to the product that proves that this revised document is an original document, generate by the client, and since the revised edition signature information of modification etc.;
From the signature of client to electronics notarization system transmissions revision back document;
Be that revised document generates a time tag record, comprise the signature of revision back document, and indication the document digit time of when being received by the notarization system;
Use the private key encryption time tag of notarization system to think that this time tag generates a digital signature;
This time tag of storage and time tag signature in electronics notarization system;
Transmit this time tag and time tag signature to the client; And
At this time tag of client system stores and time tag signature.
CNB98804725XA 1997-12-31 1998-12-28 Transmitting revisions with digital signatures Expired - Lifetime CN1149784C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/002,098 1997-12-31
US09/002,098 US6601172B1 (en) 1997-12-31 1997-12-31 Transmitting revisions with digital signatures

Publications (2)

Publication Number Publication Date
CN1254464A true CN1254464A (en) 2000-05-24
CN1149784C CN1149784C (en) 2004-05-12

Family

ID=21699239

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB98804725XA Expired - Lifetime CN1149784C (en) 1997-12-31 1998-12-28 Transmitting revisions with digital signatures

Country Status (8)

Country Link
US (1) US6601172B1 (en)
EP (1) EP0963637B1 (en)
JP (2) JP2001515612A (en)
KR (1) KR20000075866A (en)
CN (1) CN1149784C (en)
CA (1) CA2282479A1 (en)
DE (1) DE69838094T2 (en)
WO (1) WO1999035785A2 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1324836C (en) * 2003-12-17 2007-07-04 上海市高级人民法院 Method of applying timestamp in remote signature system
CN100334830C (en) * 2001-03-07 2007-08-29 迪布尔特有限公司 Automated transaction machine digital signature system and method
CN100418065C (en) * 2005-10-21 2008-09-10 万国电脑股份有限公司 Accumulator with showing application progress and the method of showing application progress
CN1753360B (en) * 2004-09-26 2010-07-28 华为技术有限公司 Method of improving digital signing safety
CN102542405A (en) * 2011-12-14 2012-07-04 金峰顺泰知识产权有限公司 Digital archive storage and identification method and system
CN103842984A (en) * 2011-09-29 2014-06-04 亚马逊技术股份有限公司 Parameter based key derivation
US9872067B2 (en) 2012-03-27 2018-01-16 Amazon Technologies, Inc. Source identification for unauthorized copies of content
US9954866B2 (en) 2011-09-29 2018-04-24 Amazon Technologies, Inc. Parameter based key derivation
US10044503B1 (en) 2012-03-27 2018-08-07 Amazon Technologies, Inc. Multiple authority key derivation
US10116440B1 (en) 2016-08-09 2018-10-30 Amazon Technologies, Inc. Cryptographic key management for imported cryptographic keys
US10356062B2 (en) 2012-03-27 2019-07-16 Amazon Technologies, Inc. Data access control utilizing key restriction
CN110785760A (en) * 2017-05-03 2020-02-11 埃尼吉奥时光公司 Method and system for registering digital documents
US20200278948A1 (en) * 2017-11-24 2020-09-03 4Dream Co., Ltd. Method, apparatus and system for managing electronic fingerprint of electronic file
US20220141211A1 (en) * 2016-06-03 2022-05-05 Docusign, Inc. Universal access to document transaction platform
US11546169B2 (en) 2014-06-27 2023-01-03 Amazon Technologies, Inc. Dynamic response signing capability in a distributed system

Families Citing this family (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7543018B2 (en) * 1996-04-11 2009-06-02 Aol Llc, A Delaware Limited Liability Company Caching signatures
EP1102205A4 (en) * 1998-08-04 2005-04-13 Fujitsu Ltd Signature system for presenting user signature information
US6868433B1 (en) 1998-09-11 2005-03-15 L.V. Partners, L.P. Input device having positional and scanning capabilities
US6636896B1 (en) 1998-09-11 2003-10-21 Lv Partners, L.P. Method and apparatus for utilizing an audibly coded signal to conduct commerce over the internet
US6745234B1 (en) 1998-09-11 2004-06-01 Digital:Convergence Corporation Method and apparatus for accessing a remote location by scanning an optical code
US7379901B1 (en) 1998-09-11 2008-05-27 Lv Partners, L.P. Accessing a vendor web site using personal account information retrieved from a credit card company web site
US6704864B1 (en) 1999-08-19 2004-03-09 L.V. Partners, L.P. Automatic configuration of equipment software
US7392945B1 (en) 1998-09-11 2008-07-01 Lv Partners, L.P. Portable scanner for enabling automatic commerce transactions
US7440993B1 (en) 1998-09-11 2008-10-21 Lv Partners, L.P. Method and apparatus for launching a web browser in response to scanning of product information
US6823388B1 (en) 1998-09-11 2004-11-23 L.V. Parners, L.P. Method and apparatus for accessing a remote location with an optical reader having a programmable memory system
US7191247B1 (en) 1998-09-11 2007-03-13 Lv Partners, Lp Method for connecting a wireless device to a remote location on a network
US7386600B1 (en) 1998-09-11 2008-06-10 Lv Partners, L.P. Launching a web site using a personal device
US6587945B1 (en) * 1998-12-28 2003-07-01 Koninklijke Philips Electronics N.V. Transmitting reviews with digital signatures
ATE334526T1 (en) * 1999-02-26 2006-08-15 Bitwise Designs Inc DIGITAL DATA MANAGEMENT AND IMAGING SYSTEM AND METHOD WITH SECURE DATA MARKING
US7394573B1 (en) * 1999-04-14 2008-07-01 Xerox Corporation System for authenticating hardcopy documents
US8868914B2 (en) * 1999-07-02 2014-10-21 Steven W. Teppler System and methods for distributing trusted time
US6895507B1 (en) * 1999-07-02 2005-05-17 Time Certain, Llc Method and system for determining and maintaining trust in digital data files with certifiable time
US7409557B2 (en) 1999-07-02 2008-08-05 Time Certain, Llc System and method for distributing trusted time
US6948069B1 (en) 1999-07-02 2005-09-20 Time Certain, Llc Method and system for determining and maintaining trust in digital image files with certifiable time
US6898709B1 (en) 1999-07-02 2005-05-24 Time Certain Llc Personal computer system and methods for proving dates in digital data files
CA2317139C (en) * 1999-09-01 2006-08-08 Nippon Telegraph And Telephone Corporation Folder type time stamping system and distributed time stamping system
IL148918A0 (en) * 1999-09-30 2002-09-12 Us Postal Service Systems and methods for authenticating an electronic message
US6792536B1 (en) 1999-10-20 2004-09-14 Timecertain Llc Smart card system and methods for proving dates in digital files
EP1094424A3 (en) * 1999-10-22 2004-06-16 Hitachi, Ltd. Digital signing method
US20050160272A1 (en) * 1999-10-28 2005-07-21 Timecertain, Llc System and method for providing trusted time in content of digital data files
US7519824B1 (en) * 1999-12-10 2009-04-14 International Business Machines Corporation Time stamping method employing multiple receipts linked by a nonce
US7412462B2 (en) * 2000-02-18 2008-08-12 Burnside Acquisition, Llc Data repository and method for promoting network storage of data
WO2001088825A2 (en) * 2000-05-18 2001-11-22 Excel Tech Ltd. Distributed system for patient monitoring and patient data communication using time stamping
US7107453B2 (en) * 2000-05-25 2006-09-12 Hewlett-Packard Development Company, L.P. Authenticatable graphical bar codes
KR20010008268A (en) * 2000-11-20 2001-02-05 이계철 A new time stamping service for setting client's system clock
KR20020065687A (en) * 2001-02-07 2002-08-14 (주)케이사인 The Integrated Office Program for Security Services
US20040201765A1 (en) * 2001-03-19 2004-10-14 Gammenthaler Robert S. In-car digital video recording with MPEG compression
JP2002318634A (en) * 2001-04-20 2002-10-31 Hitachi Ltd Electronic signature verification method and its system and electronic signature verification program and recording medium with its program recorded
US20030093678A1 (en) * 2001-04-23 2003-05-15 Bowe John J. Server-side digital signature system
EP1436682B1 (en) * 2001-06-15 2015-09-02 Link Us All, Llc System and method for specifying security, privacy, and access control to information used by others
US7246235B2 (en) * 2001-06-28 2007-07-17 Intel Corporation Time varying presentation of items based on a key hash
GB0122169D0 (en) * 2001-09-13 2001-10-31 Ncipher Corp Ltd Digital time stamping system
KR20010106364A (en) * 2001-10-31 2001-11-29 김성기 Method of a notarial act of the electrical documents delivered through the internet
US20030097350A1 (en) * 2001-11-06 2003-05-22 Shamrao Andrew Divaker Handheld computer systems and methods
US20030120930A1 (en) * 2001-12-21 2003-06-26 Simpson Shell S. Document notarization system and method
US20030145200A1 (en) * 2002-01-31 2003-07-31 Guy Eden System and method for authenticating data transmissions from a digital scanner
US20030221109A1 (en) * 2002-05-24 2003-11-27 Pure Edge Solutions, Inc. Method of and apparatus for digital signatures
AU2003248959A1 (en) * 2002-07-30 2004-02-16 Security And Standards Limited Electronic sealing for electronic transactions
GB0217610D0 (en) * 2002-07-30 2002-09-11 Security & Standards Ltd An electronic sealing and registration method for electronic transaction
US7243231B2 (en) 2002-07-31 2007-07-10 Intel Corporation Sensory verification of shared data
EP3547599A1 (en) 2002-08-06 2019-10-02 Apple Inc. Methods for secure enrollment and backup of personal identity credentials into electronic devices
US20050288571A1 (en) * 2002-08-20 2005-12-29 Welch Allyn, Inc. Mobile medical workstation
US20040186357A1 (en) * 2002-08-20 2004-09-23 Welch Allyn, Inc. Diagnostic instrument workstation
US7340611B2 (en) * 2003-01-28 2008-03-04 Microsoft Corporation Template-driven XML digital signature
US7478096B2 (en) * 2003-02-26 2009-01-13 Burnside Acquisition, Llc History preservation in a computer storage system
US20050125656A1 (en) * 2003-06-16 2005-06-09 Rizwan Mallal Electronic notary system and method for long-term digital signature authentication
US20050235140A1 (en) * 2004-03-11 2005-10-20 Hui Chi-Kwong System and method for secure preservation and long term archival of electronic documents
US7809700B2 (en) * 2004-04-09 2010-10-05 Capital One Financial Corporation Methods and systems for verifying the accuracy of reported information
JP2006050504A (en) * 2004-08-09 2006-02-16 Canon Inc Image processing device and method thereof
CN100466516C (en) * 2004-09-09 2009-03-04 杭州中正生物认证技术有限公司 Biological identifying device and method for proofing replay attach
JP4520259B2 (en) * 2004-09-14 2010-08-04 株式会社リコー Multimedia recording apparatus, multimedia recording method, and multimedia recording system
EP1643402A3 (en) * 2004-09-30 2007-01-10 Sap Ag Long-term authenticity proof of electronic documents
DE102004052934B4 (en) * 2004-10-29 2007-07-12 Compugroup Holding Ag Procedure for entering a file in a network
DE102004063962B4 (en) * 2004-10-29 2009-04-02 Compugroup Holding Ag Converter and signing module
JP4722599B2 (en) * 2005-07-13 2011-07-13 富士通株式会社 Electronic image data verification program, electronic image data verification system, and electronic image data verification method
JP2007025866A (en) * 2005-07-13 2007-02-01 Konica Minolta Business Technologies Inc User interface device and image reader
JP4455474B2 (en) * 2005-11-04 2010-04-21 株式会社東芝 Time stamp update device and time stamp update program
US20070162761A1 (en) 2005-12-23 2007-07-12 Davis Bruce L Methods and Systems to Help Detect Identity Fraud
US20070220260A1 (en) * 2006-03-14 2007-09-20 Adobe Systems Incorporated Protecting the integrity of electronically derivative works
EP2048812A4 (en) * 2006-08-04 2014-05-07 Fujitsu Ltd Electronic document management program, method, and device
WO2008071795A2 (en) * 2006-12-15 2008-06-19 Boesgaard Soerensen Hans Marti Digital data authentication
US9179200B2 (en) * 2007-03-14 2015-11-03 Digimarc Corporation Method and system for determining content treatment
KR100822790B1 (en) * 2007-01-24 2008-04-17 조성진 System for providing forgery/alteration protective proof data against illegal reproduction and method for thereof
US8341616B2 (en) * 2007-03-28 2012-12-25 International Business Machines Corporation Updating digitally signed active content elements without losing attributes associated with an original signing user
US9223784B2 (en) * 2007-03-28 2015-12-29 Ricoh, Co., Ltd. Method and apparatus for archiving media using a log
US9363258B2 (en) 2007-12-17 2016-06-07 International Business Machines Corporation Secure digital signature system
US20100010320A1 (en) * 2008-07-07 2010-01-14 Perkins David G Mobile medical workstation and a temporarily associating mobile computing device
US8677133B1 (en) * 2009-02-10 2014-03-18 Google Inc. Systems and methods for verifying an electronic documents provenance date
US8504480B2 (en) * 2011-02-03 2013-08-06 Ricoh Co., Ltd Creation of signatures for authenticating applications
JP5225412B2 (en) * 2011-03-03 2013-07-03 株式会社東芝 Communication apparatus and communication method
CN102143183A (en) * 2011-03-24 2011-08-03 镇江星浪科技产品有限公司 Document versioning method
US9274595B2 (en) 2011-08-26 2016-03-01 Reincloud Corporation Coherent presentation of multiple reality and interaction models
US9178701B2 (en) 2011-09-29 2015-11-03 Amazon Technologies, Inc. Parameter based key derivation
US9197409B2 (en) 2011-09-29 2015-11-24 Amazon Technologies, Inc. Key derivation techniques
DE102012104947B4 (en) * 2012-06-07 2016-06-30 cp.media AG Method of creating a secured data object and system
US9323950B2 (en) 2012-07-19 2016-04-26 Atmel Corporation Generating signatures using a secure device
US20140089670A1 (en) * 2012-09-27 2014-03-27 Atmel Corporation Unique code in message for signature generation in asymmetric cryptographic device
US9118467B2 (en) 2013-03-13 2015-08-25 Atmel Corporation Generating keys using secure hardware
SE537697C2 (en) 2013-08-08 2015-09-29 Enigio Time Ab Procedure for generating signals for time stamping of documents and procedure for time stamping of documents
US9584530B1 (en) * 2014-06-27 2017-02-28 Wickr Inc. In-band identity verification and man-in-the-middle defense
US10868672B1 (en) 2015-06-05 2020-12-15 Apple Inc. Establishing and verifying identity using biometrics while protecting user privacy
US11140171B1 (en) 2015-06-05 2021-10-05 Apple Inc. Establishing and verifying identity using action sequences while protecting user privacy
US11941588B2 (en) 2015-11-06 2024-03-26 Cable Television Laboratories, Inc. Systems and methods for blockchain virtualization and scalability
US11494761B2 (en) * 2015-11-06 2022-11-08 Cable Television Laboratories, Inc. Systems and methods for digital asset security ecosystems
KR101727126B1 (en) * 2015-12-29 2017-04-14 주식회사 코인플러그 Method and server for notarizing and verifying file
KR101772553B1 (en) * 2015-12-29 2017-08-30 주식회사 코인플러그 Method and server for notarizing and verifying file
US10482255B2 (en) 2016-02-16 2019-11-19 Atmel Corporation Controlled secure code authentication
US10474823B2 (en) 2016-02-16 2019-11-12 Atmel Corporation Controlled secure code authentication
US10616197B2 (en) 2016-04-18 2020-04-07 Atmel Corporation Message authentication with secure code verification
CN107026841B (en) 2016-11-24 2021-07-30 创新先进技术有限公司 Method and device for publishing works in network
US10541818B2 (en) * 2017-04-19 2020-01-21 International Business Machines Corporation Decentralized biometric signing of digital contracts
DE102018113148A1 (en) * 2018-06-01 2019-12-05 Thorsten Windmann Method for audit-proof storage of data
US10917793B2 (en) * 2018-08-17 2021-02-09 T-Moblle USA, Inc. Verifying network subsystem integrity with blockchain
JP6838260B2 (en) 2018-11-14 2021-03-03 カウリー株式会社 Blockchain control method

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5005200A (en) * 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
US5347579A (en) * 1989-07-05 1994-09-13 Blandford Robert R Personal computer diary
US5022080A (en) * 1990-04-16 1991-06-04 Durst Robert T Electronic notary
US5136646A (en) * 1991-03-08 1992-08-04 Bell Communications Research, Inc. Digital document time-stamping with catenate certificate
US5422953A (en) * 1993-05-05 1995-06-06 Fischer; Addison M. Personal date/time notary device
JPH07162451A (en) * 1993-12-13 1995-06-23 Hitachi Ltd Electronic circulation system
JPH10504150A (en) * 1994-07-19 1998-04-14 バンカーズ トラスト カンパニー A method for securely using digital signatures in commercial cryptosystems
CN1149783C (en) * 1994-10-28 2004-05-12 舒尔蒂,Com股份有限公司 Digital document authentication system for providing certificate which authenticates and uniquely identifies document
US5748738A (en) * 1995-01-17 1998-05-05 Document Authentication Systems, Inc. System and method for electronic transmission, storage and retrieval of authenticated documents
WO1998002120A1 (en) * 1996-07-12 1998-01-22 Recorde Limited Non-slip bandage

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100334830C (en) * 2001-03-07 2007-08-29 迪布尔特有限公司 Automated transaction machine digital signature system and method
CN1324836C (en) * 2003-12-17 2007-07-04 上海市高级人民法院 Method of applying timestamp in remote signature system
CN1753360B (en) * 2004-09-26 2010-07-28 华为技术有限公司 Method of improving digital signing safety
CN100418065C (en) * 2005-10-21 2008-09-10 万国电脑股份有限公司 Accumulator with showing application progress and the method of showing application progress
CN103842984A (en) * 2011-09-29 2014-06-04 亚马逊技术股份有限公司 Parameter based key derivation
CN103842984B (en) * 2011-09-29 2017-05-17 亚马逊技术股份有限公司 Parameter based key derivation
US11356457B2 (en) 2011-09-29 2022-06-07 Amazon Technologies, Inc. Parameter based key derivation
US9954866B2 (en) 2011-09-29 2018-04-24 Amazon Technologies, Inc. Parameter based key derivation
US10721238B2 (en) 2011-09-29 2020-07-21 Amazon Technologies, Inc. Parameter based key derivation
CN102542405A (en) * 2011-12-14 2012-07-04 金峰顺泰知识产权有限公司 Digital archive storage and identification method and system
US10425223B2 (en) 2012-03-27 2019-09-24 Amazon Technologies, Inc. Multiple authority key derivation
US11146541B2 (en) 2012-03-27 2021-10-12 Amazon Technologies, Inc. Hierarchical data access techniques using derived cryptographic material
US10356062B2 (en) 2012-03-27 2019-07-16 Amazon Technologies, Inc. Data access control utilizing key restriction
US9872067B2 (en) 2012-03-27 2018-01-16 Amazon Technologies, Inc. Source identification for unauthorized copies of content
US10044503B1 (en) 2012-03-27 2018-08-07 Amazon Technologies, Inc. Multiple authority key derivation
US11546169B2 (en) 2014-06-27 2023-01-03 Amazon Technologies, Inc. Dynamic response signing capability in a distributed system
US11811950B1 (en) 2014-06-27 2023-11-07 Amazon Technologies, Inc. Dynamic response signing capability in a distributed system
US20220141211A1 (en) * 2016-06-03 2022-05-05 Docusign, Inc. Universal access to document transaction platform
US11962578B2 (en) 2016-06-03 2024-04-16 Docusign, Inc. Universal access to document transaction platform
US11184155B2 (en) 2016-08-09 2021-11-23 Amazon Technologies, Inc. Cryptographic key management for imported cryptographic keys
US10116440B1 (en) 2016-08-09 2018-10-30 Amazon Technologies, Inc. Cryptographic key management for imported cryptographic keys
CN110785760A (en) * 2017-05-03 2020-02-11 埃尼吉奥时光公司 Method and system for registering digital documents
CN110785760B (en) * 2017-05-03 2023-12-05 埃尼吉奥时光公司 Method and system for registering digital documents
US20200278948A1 (en) * 2017-11-24 2020-09-03 4Dream Co., Ltd. Method, apparatus and system for managing electronic fingerprint of electronic file

Also Published As

Publication number Publication date
US6601172B1 (en) 2003-07-29
DE69838094T2 (en) 2008-04-03
EP0963637B1 (en) 2007-07-18
WO1999035785A2 (en) 1999-07-15
EP0963637A2 (en) 1999-12-15
JP2001515612A (en) 2001-09-18
JP2010187419A (en) 2010-08-26
KR20000075866A (en) 2000-12-26
WO1999035785A3 (en) 1999-09-16
CA2282479A1 (en) 1999-07-15
DE69838094D1 (en) 2007-08-30
CN1149784C (en) 2004-05-12

Similar Documents

Publication Publication Date Title
CN1149784C (en) Transmitting revisions with digital signatures
US6587945B1 (en) Transmitting reviews with digital signatures
US6425081B1 (en) Electronic watermark system electronic information distribution system and image filing apparatus
US7216232B1 (en) Method and device for inserting and authenticating a digital signature in digital data
US8223968B2 (en) Image data verification program recorded on a recording medium, image data verification method, and image data verification system
US7552335B2 (en) Information processing apparatus, method therefor, computer program, and computer-readable storage medium
US20130247218A1 (en) System And Method For Verifying Authenticity Of Documents
US20070050696A1 (en) Physical key for accessing a securely stored digital document
JP4765482B2 (en) Document management system, document management program, and document management method
JP2009533908A (en) Method and apparatus for delivering encoded content
JP2000056681A (en) Digital data recorder with security information
US20030126446A1 (en) Method and system for providing a secure time reference in a worm environment
JP3374100B2 (en) Content ID assignment system
US20030065619A1 (en) Information processing device, information processing method, network system, security method for digital information, storage medium and program
US20080307232A1 (en) Method and a System for Authenticating and Recording Digital Documents and/or Files
JP2000322433A (en) Contents directory server
JP4861704B2 (en) Electronic evidence data disclosure method and system
CN112989434A (en) Electronic document encryption tamper-proof decryption verification method
JP3723379B2 (en) Content directory system
JP2000322432A (en) Contents directory system
JP2000322308A (en) Content directory system
JP2000324166A (en) Content directory system
JP2000322431A (en) Contents id impartation system
KR20150129634A (en) Method for Processing Electronic Document

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20040512

CX01 Expiry of patent term